git subrepo clone https://github.com/mailcow/mailcow-dockerized.git mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "a832becb"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "a832becb"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: If5be2d621a211e164c9b6577adaa7884449f16b5
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile
new file mode 100644
index 0000000..8b913af
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/Dockerfile
@@ -0,0 +1,64 @@
+FROM debian:buster-slim
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ENV LC_ALL C
+
+RUN dpkg-divert --local --rename --add /sbin/initctl \
+ && ln -sf /bin/true /sbin/initctl \
+ && dpkg-divert --local --rename --add /usr/bin/ischroot \
+ && ln -sf /bin/true /usr/bin/ischroot
+
+# Add groups and users before installing Postfix to not break compatibility
+RUN groupadd -g 102 postfix \
+ && groupadd -g 103 postdrop \
+ && useradd -g postfix -u 101 -d /var/spool/postfix -s /usr/sbin/nologin postfix \
+ && apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ curl \
+ dirmngr \
+ dnsutils \
+ gnupg \
+ libsasl2-modules \
+ mariadb-client \
+ perl \
+ postfix \
+ postfix-mysql \
+ postfix-pcre \
+ redis-tools \
+ sasl2-bin \
+ sudo \
+ supervisor \
+ syslog-ng \
+ syslog-ng-core \
+ syslog-ng-mod-redis \
+ tzdata \
+ && rm -rf /var/lib/apt/lists/* \
+ && touch /etc/default/locale \
+ && printf '#!/bin/bash\n/usr/sbin/postconf -c /opt/postfix/conf "$@"' > /usr/local/sbin/postconf \
+ && chmod +x /usr/local/sbin/postconf
+
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+COPY syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng-redis_slave.conf
+COPY postfix.sh /opt/postfix.sh
+COPY rspamd-pipe-ham /usr/local/bin/rspamd-pipe-ham
+COPY rspamd-pipe-spam /usr/local/bin/rspamd-pipe-spam
+COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh
+COPY smtpd_last_login.sh /usr/local/bin/smtpd_last_login.sh
+COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+RUN chmod +x /opt/postfix.sh \
+ /usr/local/bin/rspamd-pipe-ham \
+ /usr/local/bin/rspamd-pipe-spam \
+ /usr/local/bin/whitelist_forwardinghosts.sh \
+ /usr/local/bin/smtpd_last_login.sh \
+ /usr/local/sbin/stop-supervisor.sh
+RUN rm -rf /tmp/* /var/tmp/*
+
+EXPOSE 588
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/docker-entrypoint.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/docker-entrypoint.sh
new file mode 100755
index 0000000..c97b128
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/docker-entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Run hooks
+for file in /hooks/*; do
+ if [ -x "${file}" ]; then
+ echo "Running hook ${file}"
+ "${file}"
+ fi
+done
+
+if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
+ cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
+fi
+
+exec "$@"
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
new file mode 100755
index 0000000..3b18de4
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh
@@ -0,0 +1,379 @@
+#!/bin/bash
+
+trap "postfix stop" EXIT
+
+[[ ! -d /opt/postfix/conf/sql/ ]] && mkdir -p /opt/postfix/conf/sql/
+
+# Wait for MySQL to warm-up
+while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
+ echo "Waiting for database to come up..."
+ sleep 2
+done
+
+until dig +short mailcow.email @unbound > /dev/null; do
+ echo "Waiting for DNS..."
+ sleep 1
+done
+
+cat <<EOF > /etc/aliases
+# Autogenerated by mailcow
+null: /dev/null
+watchdog: /dev/null
+ham: "|/usr/local/bin/rspamd-pipe-ham"
+spam: "|/usr/local/bin/rspamd-pipe-spam"
+EOF
+newaliases;
+
+# create sni configuration
+echo -n "" > /opt/postfix/conf/sni.map;
+for cert_dir in /etc/ssl/mail/*/ ; do
+ if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
+ continue;
+ fi
+ IFS=" " read -r -a domains <<< "$(cat "${cert_dir}domains")"
+ for domain in "${domains[@]}"; do
+ echo -n "${domain} ${cert_dir}key.pem ${cert_dir}cert.pem" >> /opt/postfix/conf/sni.map;
+ echo "" >> /opt/postfix/conf/sni.map;
+ done
+done
+postmap -F hash:/opt/postfix/conf/sni.map;
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_relay_ne.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT IF(EXISTS(SELECT address, domain FROM alias
+ WHERE address = '%s'
+ AND domain IN (
+ SELECT domain FROM domain
+ WHERE backupmx = '1'
+ AND relay_all_recipients = '1'
+ AND relay_unknown_only = '1')
+
+ ), 'lmtp:inet:dovecot:24', NULL) AS 'transport'
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT DISTINCT
+ CASE WHEN '%d' IN (
+ SELECT domain FROM domain
+ WHERE relay_all_recipients=1
+ AND domain='%d'
+ AND backupmx=1
+ )
+ THEN '%s' ELSE (
+ SELECT goto FROM alias WHERE address='%s' AND active='1'
+ )
+ END AS result;
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT CONCAT(policy, ' ', parameters) AS tls_policy FROM tls_policy_override WHERE active = '1' AND dest = '%s'
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT IF(EXISTS(
+ SELECT 'TLS_ACTIVE' FROM alias
+ LEFT OUTER JOIN mailbox ON mailbox.username = alias.goto
+ WHERE (address='%s'
+ OR address IN (
+ SELECT CONCAT('%u', '@', target_domain) FROM alias_domain
+ WHERE alias_domain='%d'
+ )
+ ) AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.tls_enforce_in')) = '1' AND mailbox.active = '1'
+ ), 'reject_plaintext_session', NULL) AS 'tls_enforce_in';
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT GROUP_CONCAT(transport SEPARATOR '') AS transport_maps
+ FROM (
+ SELECT IF(EXISTS(SELECT 'smtp_type' FROM alias
+ LEFT OUTER JOIN mailbox ON mailbox.username = alias.goto
+ WHERE (address = '%s'
+ OR address IN (
+ SELECT CONCAT('%u', '@', target_domain) FROM alias_domain
+ WHERE alias_domain = '%d'
+ )
+ )
+ AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.tls_enforce_out')) = '1'
+ AND mailbox.active = '1'
+ ), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
+ UNION ALL
+ SELECT hostname AS transport FROM relayhosts
+ LEFT OUTER JOIN domain ON domain.relayhost = relayhosts.id
+ WHERE relayhosts.active = '1'
+ AND domain = '%d'
+ OR domain IN (
+ SELECT target_domain FROM alias_domain
+ WHERE alias_domain = '%d'
+ )
+ )
+ AS transport_view;
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_transport_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT CONCAT('smtp_via_transport_maps:', nexthop) AS transport FROM transports
+ WHERE active = '1'
+ AND destination = '%s';
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_resource_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT 'null@localhost' FROM mailbox
+ WHERE kind REGEXP 'location|thing|group' AND username = '%s';
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT CONCAT_WS(':', username, password) AS auth_data FROM relayhosts
+ WHERE id IN (
+ SELECT relayhost FROM domain
+ WHERE CONCAT('@', domain) = '%s'
+ OR domain IN (
+ SELECT target_domain FROM alias_domain WHERE CONCAT('@', alias_domain) = '%s'
+ )
+ )
+ AND active = '1'
+ AND username != '';
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT CONCAT_WS(':', username, password) AS auth_data FROM transports
+ WHERE nexthop = '%s'
+ AND active = '1'
+ AND username != ''
+ LIMIT 1;
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT username FROM mailbox, alias_domain
+ WHERE alias_domain.alias_domain = '%d'
+ AND mailbox.username = CONCAT('%u', '@', alias_domain.target_domain)
+ AND (mailbox.active = '1' OR mailbox.active = '2')
+ AND alias_domain.active='1'
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_alias_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT goto FROM alias
+ WHERE address='%s'
+ AND (active='1' OR active='2');
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT bcc_dest FROM bcc_maps
+ WHERE local_dest='%s'
+ AND type='rcpt'
+ AND active='1';
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_sender_bcc_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT bcc_dest FROM bcc_maps
+ WHERE local_dest='%s'
+ AND type='sender'
+ AND active='1';
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT new_dest FROM recipient_maps
+ WHERE old_dest='%s'
+ AND active='1';
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT alias_domain from alias_domain WHERE alias_domain='%s' AND active='1'
+ UNION
+ SELECT domain FROM domain
+ WHERE domain='%s'
+ AND active = '1'
+ AND backupmx = '0'
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT CONCAT(JSON_UNQUOTE(JSON_VALUE(attributes, '$.mailbox_format')), mailbox_path_prefix, '%d/%u/') FROM mailbox WHERE username='%s' AND (active = '1' OR active = '2')
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '1' AND active = '1'
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+# First select queries domain and alias_domain to determine if domains are active.
+query = SELECT goto FROM alias
+ WHERE address='%s'
+ AND active='1'
+ AND (domain IN
+ (SELECT domain FROM domain
+ WHERE domain='%d'
+ AND active='1')
+ OR domain in (
+ SELECT alias_domain FROM alias_domain
+ WHERE alias_domain='%d'
+ AND active='1'
+ )
+ )
+ UNION
+ SELECT logged_in_as FROM sender_acl
+ WHERE send_as='@%d'
+ OR send_as='%s'
+ OR send_as='*'
+ OR send_as IN (
+ SELECT CONCAT('@',target_domain) FROM alias_domain
+ WHERE alias_domain = '%d')
+ OR send_as IN (
+ SELECT CONCAT('%u','@',target_domain) FROM alias_domain
+ WHERE alias_domain = '%d')
+ AND logged_in_as NOT IN (
+ SELECT goto FROM alias
+ WHERE address='%s')
+ UNION
+ SELECT username FROM mailbox, alias_domain
+ WHERE alias_domain.alias_domain = '%d'
+ AND mailbox.username = CONCAT('%u','@',alias_domain.target_domain)
+ AND (mailbox.active = '1' OR mailbox.active ='2')
+ AND alias_domain.active='1'
+EOF
+
+# Reject sasl usernames with smtp disabled
+cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_access_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT 'REJECT' FROM mailbox WHERE username = '%u' AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.smtp_access')) = '0';
+EOF
+
+cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT goto FROM spamalias
+ WHERE address='%s'
+ AND validity >= UNIX_TIMESTAMP()
+EOF
+
+sed -i '/User overrides/q' /opt/postfix/conf/main.cf
+echo >> /opt/postfix/conf/main.cf
+touch /opt/postfix/conf/extra.cf
+sed -i '/myhostname/d' /opt/postfix/conf/extra.cf
+echo -e "myhostname = ${MAILCOW_HOSTNAME}\n$(cat /opt/postfix/conf/extra.cf)" > /opt/postfix/conf/extra.cf
+
+cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf
+
+if [ ! -f /opt/postfix/conf/custom_transport.pcre ]; then
+ echo "Creating dummy custom_transport.pcre"
+ touch /opt/postfix/conf/custom_transport.pcre
+fi
+
+if [[ ! -f /opt/postfix/conf/custom_postscreen_whitelist.cidr ]]; then
+ echo "Creating dummy custom_postscreen_whitelist.cidr"
+ echo '# Autogenerated by mailcow' > /opt/postfix/conf/custom_postscreen_whitelist.cidr
+fi
+
+# Fix SMTP last login on slaves
+sed -i "s/__REDIS_SLAVEOF_IP__/${REDIS_SLAVEOF_IP}/g" /usr/local/bin/smtpd_last_login.sh
+
+# Fix Postfix permissions
+chown -R root:postfix /opt/postfix/conf/sql/ /opt/postfix/conf/custom_transport.pcre
+chmod 640 /opt/postfix/conf/sql/*.cf /opt/postfix/conf/custom_transport.pcre
+chgrp -R postdrop /var/spool/postfix/public
+chgrp -R postdrop /var/spool/postfix/maildrop
+postfix set-permissions
+
+# Check Postfix configuration
+postconf -c /opt/postfix/conf > /dev/null
+
+if [[ $? != 0 ]]; then
+ echo "Postfix configuration error, refusing to start."
+ exit 1
+else
+ postfix -c /opt/postfix/conf start
+ sleep 126144000
+fi
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/rspamd-pipe-ham b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/rspamd-pipe-ham
new file mode 100755
index 0000000..9b26817
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/rspamd-pipe-ham
@@ -0,0 +1,9 @@
+#!/bin/bash
+FILE=/tmp/mail$$
+cat > $FILE
+trap "/bin/rm -f $FILE" 0 1 2 3 13 15
+
+cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/learnham
+cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzyadd
+
+exit 0
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/rspamd-pipe-spam b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/rspamd-pipe-spam
new file mode 100755
index 0000000..d06aa91
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/rspamd-pipe-spam
@@ -0,0 +1,9 @@
+#!/bin/bash
+FILE=/tmp/mail$$
+cat > $FILE
+trap "/bin/rm -f $FILE" 0 1 2 3 13 15
+
+cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/learnspam
+cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzyadd
+
+exit 0
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/smtpd_last_login.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/smtpd_last_login.sh
new file mode 100755
index 0000000..9d249af
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/smtpd_last_login.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+REDIS_SLAVEOF_IP=__REDIS_SLAVEOF_IP__
+
+# Do not attempt to write to slave
+if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
+ REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
+else
+ REDIS_CMDLINE="redis-cli -h redis -p 6379"
+fi
+
+while read QUERY; do
+ QUERY=($QUERY)
+ # If nothing matched, end here - Postfix last line will be empty
+ if [[ -z "$(echo ${QUERY[0]} | tr -d '\040\011\012\015')" ]]; then
+ echo -ne "action=dunno\n\n"
+ # We found a username, log and return
+ elif [[ "${QUERY[0]}" =~ sasl_username ]]; then
+ MUSER=$(printf "%q" ${QUERY[0]#sasl_username=})
+ ${REDIS_CMDLINE} SET "last-login/smtp/$MUSER" "$(date +%s)"
+ echo -ne "action=dunno\n\n"
+ fi
+done
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/stop-supervisor.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/stop-supervisor.sh
new file mode 100755
index 0000000..5394490
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/stop-supervisor.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+printf "READY\n";
+
+while read line; do
+ echo "Processing Event: $line" >&2;
+ kill -3 $(cat "/var/run/supervisord.pid")
+done < /dev/stdin
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/supervisord.conf b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/supervisord.conf
new file mode 100644
index 0000000..134a6c6
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/supervisord.conf
@@ -0,0 +1,24 @@
+[supervisord]
+pidfile=/var/run/supervisord.pid
+nodaemon=true
+user=root
+
+[program:syslog-ng]
+command=/usr/sbin/syslog-ng --foreground --no-caps
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autostart=true
+
+[program:postfix]
+command=/opt/postfix.sh
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=true
+
+[eventlistener:processes]
+command=/usr/local/sbin/stop-supervisor.sh
+events=PROCESS_STATE_STOPPED, PROCESS_STATE_EXITED, PROCESS_STATE_FATAL
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
new file mode 100644
index 0000000..609ee55
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
@@ -0,0 +1,53 @@
+@version: 3.19
+@include "scl.conf"
+options {
+ chain_hostnames(off);
+ flush_lines(0);
+ use_dns(no);
+ dns_cache(no);
+ use_fqdn(no);
+ owner("root"); group("adm"); perm(0640);
+ stats_freq(0);
+ bad_hostname("^gconfd$");
+};
+source s_src {
+ unix-stream("/dev/log");
+ internal();
+};
+destination d_stdout { pipe("/dev/stdout"); };
+destination d_redis_ui_log {
+ redis(
+ host("`REDIS_SLAVEOF_IP`")
+ persist-name("redis1")
+ port(`REDIS_SLAVEOF_PORT`)
+ command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+ );
+};
+destination d_redis_f2b_channel {
+ redis(
+ host("`REDIS_SLAVEOF_IP`")
+ persist-name("redis2")
+ port(`REDIS_SLAVEOF_PORT`)
+ command("PUBLISH" "F2B_CHANNEL" "$MESSAGE")
+ );
+};
+filter f_mail { facility(mail); };
+# start
+# overriding warnings are still displayed when the entrypoint runs its initial check
+# warnings logged by postfix-mailcow to syslog are hidden to reduce repeating msgs
+# Some other warnings are ignored
+filter f_ignore {
+ not match("overriding earlier entry" value("MESSAGE"));
+ not match("TLS SNI from checks.mailcow.email" value("MESSAGE"));
+ not match("no SASL support" value("MESSAGE"));
+ not facility (local0, local1, local2, local3, local4, local5, local6, local7);
+};
+# end
+log {
+ source(s_src);
+ filter(f_ignore);
+ destination(d_stdout);
+ filter(f_mail);
+ destination(d_redis_ui_log);
+ destination(d_redis_f2b_channel);
+};
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng.conf b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng.conf
new file mode 100644
index 0000000..9e14fe1
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/syslog-ng.conf
@@ -0,0 +1,53 @@
+@version: 3.19
+@include "scl.conf"
+options {
+ chain_hostnames(off);
+ flush_lines(0);
+ use_dns(no);
+ dns_cache(no);
+ use_fqdn(no);
+ owner("root"); group("adm"); perm(0640);
+ stats_freq(0);
+ bad_hostname("^gconfd$");
+};
+source s_src {
+ unix-stream("/dev/log");
+ internal();
+};
+destination d_stdout { pipe("/dev/stdout"); };
+destination d_redis_ui_log {
+ redis(
+ host("redis-mailcow")
+ persist-name("redis1")
+ port(6379)
+ command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+ );
+};
+destination d_redis_f2b_channel {
+ redis(
+ host("redis-mailcow")
+ persist-name("redis2")
+ port(6379)
+ command("PUBLISH" "F2B_CHANNEL" "$MESSAGE")
+ );
+};
+filter f_mail { facility(mail); };
+# start
+# overriding warnings are still displayed when the entrypoint runs its initial check
+# warnings logged by postfix-mailcow to syslog are hidden to reduce repeating msgs
+# Some other warnings are ignored
+filter f_ignore {
+ not match("overriding earlier entry" value("MESSAGE"));
+ not match("TLS SNI from checks.mailcow.email" value("MESSAGE"));
+ not match("no SASL support" value("MESSAGE"));
+ not facility (local0, local1, local2, local3, local4, local5, local6, local7);
+};
+# end
+log {
+ source(s_src);
+ filter(f_ignore);
+ destination(d_stdout);
+ filter(f_mail);
+ destination(d_redis_ui_log);
+ destination(d_redis_f2b_channel);
+};
diff --git a/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh
new file mode 100755
index 0000000..4ad5ab3
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+while read QUERY; do
+ QUERY=($QUERY)
+ if [ "${QUERY[0]}" != "get" ]; then
+ echo "500 dunno"
+ continue
+ fi
+ result=$(curl -s http://nginx:8081/forwardinghosts.php?host=${QUERY[1]})
+ logger -t whitelist_forwardinghosts -p mail.info "Look up ${QUERY[1]} on whitelist, result $result"
+ echo ${result}
+done